Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A computer program product for managing cooperative computer software applications, the computer program product comprising: a non-transitory, computer-readable storage medium; and computer-readable program code embodied in the storage medium, wherein the computer-readable program code is configured to set a budget indicating a number of alerts for suspicious activity by setting the budget equal to a selected targeted average rate of alerts produced by the system over a pre-determined period of time, adjust a working threshold risk score by defining an initial working threshold risk score, providing a history of recorded top risk scores within a budget sliding interval window, and adjusting the initial working threshold to an increased working threshold such that a number of the recorded top risk scores that exceed the initial working threshold is calculated to be less than or equal to the number of alerts indicated by the set budget, use the adjusted working threshold to normalize incoming risk scores, and determine whether an incoming risk score should receive an alert, wherein the computer-readable program code is further configured to set the budget for multiple risk score types, wherein each of the multiple risk score types receives a portion of the budget.
This invention relates to managing cooperative computer software applications by controlling the number of alerts generated for suspicious activity. The system addresses the problem of alert fatigue, where an excessive number of alerts can overwhelm users and reduce the effectiveness of security monitoring. The solution involves setting a budget that defines the maximum number of alerts allowed over a predefined time period, based on a targeted average rate of alerts. The system adjusts a working threshold risk score to ensure that only the most critical alerts are generated, preventing alert overload while maintaining security. The adjustment process involves analyzing a history of recorded top risk scores within a sliding time window and modifying the initial threshold to limit the number of alerts to the budgeted amount. The system can also allocate portions of the budget to different risk score types, allowing for customized alert management across various security concerns. By normalizing incoming risk scores against the adjusted threshold, the system determines whether an alert should be triggered, ensuring efficient and effective monitoring of suspicious activity.
2. The computer program product according to claim 1 wherein the portion for one of the multiple risk score types is not equal to the portion for another of the multiple risk score types.
This invention relates to a computer program product for calculating and displaying risk scores, addressing the challenge of providing a comprehensive and balanced assessment of multiple risk factors. The system generates risk scores for different risk types, such as financial, operational, or compliance risks, and assigns unequal weightings to these scores based on their relative importance. The program dynamically adjusts the portions or weights of each risk score type to reflect varying risk priorities, ensuring that higher-priority risks are given greater emphasis in the overall assessment. The invention also includes a user interface that displays the weighted risk scores, allowing users to visualize and analyze the relative significance of different risk factors. The unequal weighting mechanism enables more accurate risk prioritization, helping organizations make informed decisions based on the most critical risks. The system may also include additional features, such as risk score normalization or aggregation, to provide a unified risk assessment across diverse risk categories. This approach improves risk management by ensuring that the most relevant risks are highlighted and addressed appropriately.
3. A computer program product for managing cooperative computer software applications, the computer program product comprising: a non-transitory, computer-readable storage medium; and computer-readable program code embodied in the storage medium, wherein the computer-readable program code is configured to set a budget indicating a number of alerts for suspicious activity by setting the budget equal to a selected targeted average rate of alerts produced by the system over a pre-determined period of time, adjust a working threshold risk score by defining an initial working threshold risk score, providing a history of recorded top risk scores within a budget sliding interval window, and adjusting the initial working threshold to an increased working threshold such that a number of the recorded top risk scores that exceed the initial working threshold is calculated to be less than or equal to the number of alerts indicated by the set budget, use the adjusted working threshold to normalize incoming risk scores, and determine whether an incoming risk score should receive an alert, wherein the computer-readable program code is further configured to include a first risk score for a first risk score type and a second risk score for a second risk score type, said first risk score and said second risk score normalized and combined into a combined risk score, and define the working threshold as a combined working threshold, wherein the combined working threshold is combined score working threshold for combined risk scores.
This invention relates to managing cooperative computer software applications by controlling the number of alerts generated for suspicious activity. The system addresses the problem of alert fatigue, where excessive alerts overwhelm users, by dynamically adjusting alert thresholds to maintain a targeted average rate of alerts over a predefined period. The system sets a budget indicating the maximum number of alerts allowed, then adjusts a working threshold risk score to ensure the number of alerts does not exceed this budget. The adjustment process involves defining an initial working threshold, analyzing a history of recorded top risk scores within a sliding interval window, and increasing the threshold until the number of recorded scores exceeding it matches or falls below the budget. The system normalizes incoming risk scores against this adjusted threshold to determine whether an alert should be triggered. The invention also supports multiple risk score types, combining them into a single normalized score and applying a combined working threshold for alert determination. This approach ensures alerts are generated at a controlled, manageable rate while maintaining detection effectiveness.
Unknown
May 19, 2020
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.